
bug fix openssl v1.1.0 (#166) and DOMAIN_PEM_LOCATION (#167)

pull/168/merge
srvrco 9 years ago
parent
commit
36e3428ac5
3 changed files with 39 additions and 16 deletions
  1. +18
    -6
      dns_scripts/dns_add_cloudflare
  2. +15
    -6
      dns_scripts/dns_del_cloudflare
  3. +6
    -4
      getssl

+ 18
- 6
dns_scripts/dns_add_cloudflare

@ -3,6 +3,14 @@
email=${CF_EMAIL:-''}
key=${CF_KEY:-''}
# This script adds a token to cloudflare DNS for the ACME challenge
# usage dns_add_cloudflare "domain name" "token"
# return codes are;
# 0 - success
# 1 - error in input
# 2 - error within internal processing
# 3 - error in result ( domain not found in cloudflare etc)
fulldomain="${1}"
token="${2}"
API='https://api.cloudflare.com/client/v4/zones'
@ -55,14 +63,14 @@ while [[ "$resp" ]]; do
domains=( "${domains[@]}" "${BASH_REMATCH[1]}" )
else
echo "Error getting domain name"
exit 1
exit 2
fi
re='"id":"([^"]*)"'
if [[ "$first" =~ $re ]]; then
ids=( "${ids[@]}" "${BASH_REMATCH[1]}" )
else
echo "Error getting domain id"
exit 1
exit 2
fi
done
@ -93,7 +101,7 @@ done
if [[ -z "$domain" ]]; then
echo 'domain name not found on your cloudflare account'
exit 1
exit 3
fi
txt_record="_acme-challenge.${fulldomain%.$domain}"
@ -102,12 +110,16 @@ resp=$(curl --silent "${curl_params[@]}" -X POST "$API/$domain_id/dns_records" \
# if it failed (success:false) then give error message
if [[ "${resp// }" == *'"success":false'* ]]; then
if [[ "${resp// }" == *'"code":81057'[^0-9]* ]]; then
echo "DNS challenge token already exists"
exit
fi
re='"message":"([^"]+)"'
if [[ "$resp" =~ $re ]]; then
echo "Error: DNS challenge not added: ${BASH_REMATCH[1]:-unknown error}"
exit 2
echo "Error: DNS challenge not added: ${BASH_REMATCH[1]}"
exit 3
else
echo "Error: DNS challenge not added: unknown error - ${resp}"
exit 2
exit 3
fi
fi
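Review bot: The new "DNS challenge token already exists" branch ends in a bare `exit`, so its status is whatever the preceding `echo` returned rather than a value from the return-code table this commit adds at the top of the script. The message suggests the duplicate case is meant to count as success, so write `exit 0` and add a comment such as `# code 81057: challenge record already present, treated as success`. The error messages in this file and in dns_del_cloudflare are also written to stdout; appending `>&2` to those `echo` lines would keep them out of anything a caller captures from the script's output.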

+ 15
- 6
dns_scripts/dns_del_cloudflare

@ -3,6 +3,15 @@
email=${CF_EMAIL:-''}
key=${CF_KEY:-''}
# This script removes a token from cloudflare DNS for the ACME challenge
# usage dns_del_cloudflare "domain name" "token (optional)"
# if token is not specified, then all tokens are removed.
# return codes are;
# 0 - success
# 1 - error in input
# 2 - error within internal processing
# 3 - error in result ( domain not found in cloudflare etc)
fulldomain="${1}"
token="${2}"
API='https://api.cloudflare.com/client/v4/zones'
@ -50,14 +59,14 @@ while [[ "$resp" ]]; do
domains=( "${domains[@]}" "${BASH_REMATCH[1]}" )
else
echo "Error getting domain name"
exit 1
exit 2
fi
re='"id":"([^"]*)"'
if [[ "$first" =~ $re ]]; then
ids=( "${ids[@]}" "${BASH_REMATCH[1]}" )
else
echo "Error getting domain id"
exit 1
exit 2
fi
done
@ -88,7 +97,7 @@ done
if [[ -z "$domain" ]]; then
echo 'domain name not found on your cloudflare account'
exit 1
exit 3
fi
curl_request="$API/$domain_id/dns_records?type=TXT&name=_acme-challenge.$fulldomain"
@ -102,11 +111,11 @@ if [[ "${resp// }" =~ $re ]]; then
resp="${BASH_REMATCH[1]}"
if [ -z "$resp" ]; then
echo 'challenge TXT record not found on your cloudflare account'
exit 2
exit 3
fi
else # results section not found
echo "error in results section response from cloudflare"
exit 1
exit 3
fi
while [[ "$resp" ]]; do # iterate through records returned
@ -120,7 +129,7 @@ while [[ "$resp" ]]; do # iterate through records returned
id="${BASH_REMATCH[1]}"
else
echo "Error: domain ID not found"
exit -1
exit 2
fi
respd=$(curl --silent "${curl_params[@]}" -X DELETE "$API/$domain_id/dns_records/$id")
if [[ "${respd// }" == *'"success":false'* ]]; then
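Review bot: The return-code comment added at the top says 3 covers "domain not found in cloudflare etc", but the later hunks also return 3 when the challenge TXT record is missing and when the results section cannot be parsed, while the parse failures for the domain name and id return 2. A caller therefore cannot tell "nothing left to delete" from "response could not be read", and the difference matters for cleanup: a missing record is harmless, whereas an unreadable response may mean a challenge record was left in the zone. I would extend the header to list each case, e.g. `# 3 - error in result (domain or challenge TXT record not found, malformed results section)`, or return 2 from the unparseable-results branch to match the other parse failures. The record loop continues past the end of the last hunk.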


+ 6
- 4
getssl

@ -151,10 +151,12 @@
# 2016-11-05 added TOKEN_USER_ID (to set ownership of token files )
# 2016-11-05 updated style to work with latest shellcheck (1.78)
# 2016-11-07 style updates
# 2016-11-07 bug fix DOMAIN_PEM_LOCATION starting with ./ #167
# 2016-11-08 Fix for openssl 1.1.0 #166 (1.79)
# ----------------------------------------------------------------------------------------
PROGNAME=${0##*/}
VERSION="1.78"
VERSION="1.79"
# defaults
CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl"
@ -677,7 +679,7 @@ get_signing_params() { # get signing parameters from key
else
error_exit "Invlid key file"
fi
thumbprint="$(printf "%s" "$jwk" | openssl sha -sha256 -binary | urlbase64)"
thumbprint="$(printf "%s" "$jwk" | openssl dgst -sha256 -binary | urlbase64)"
debug "jwk alg = $jwkalg"
debug "jwk = $jwk"
debug "thumbprint $thumbprint"
@ -1608,7 +1610,7 @@ for d in $alldomains; do
debug keyauthorization "$keyauthorization"
#create signed authorization key from token.
auth_key=$(printf '%s' "$keyauthorization" | openssl sha -sha256 -binary \
auth_key=$(printf '%s' "$keyauthorization" | openssl dgst -sha256 -binary \
| openssl base64 -e \
| tr -d '\n\r' \
| sed -e 's:=*$::g' -e 'y:+/:-_:')
@ -1838,7 +1840,7 @@ if [[ ! -z "$DOMAIN_PEM_LOCATION" ]]; then
to_location="${DOMAIN_PEM_LOCATION}"
fi
cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem"
copy_file_to_location "full key, cert and chain pem" "$TEMP_DIR/${DOMAIN}.pem" "$DOMAIN_PEM_LOCATION"
copy_file_to_location "full key, cert and chain pem" "$TEMP_DIR/${DOMAIN}.pem" "$to_location"
fi
# end of copying certs.
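Review bot: The combined PEM that the changed `copy_file_to_location` line ships to `$to_location` contains the domain's private key, and the `cat ... > "$TEMP_DIR/${DOMAIN}.pem"` line just above it creates that file with whatever mode the process umask allows. Nothing visible in this hunk restricts the mode of the temporary file or of the destination; copy_file_to_location is defined outside the hunk and may handle it, so this needs confirming. If it does not, create the file under a tight umask, e.g. `(umask 077; cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem")`. The enclosing `if` starts above the hunk, so whether `to_location` is always set before this call cannot be checked from here.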

